SSH Public Key Authentication – Manual Setup
SSH public key authentication allows SSH login without a password. Because the public key is, well, public, the same key can be used on many servers without risk.
If you want it to Just Work™, use ssh-uploadkeys.
© 2005 Tero Karvinen
Procedure
Below, I have used the “local$” prompt for the local computer. You sit in front of your local computer and type commands with its keyboard. Commands that are given on a remote computer are marked with a “remote$” prompt. The remote computer is the one that you connect to with ssh. Not surprisingly at all, it makes a big difference whether you give commands to the local or the remote computer.
local$ cd $HOME/.ssh/
local$ sftp tero@server.example.com
Connecting to server.example.com…
tero@server.example.com’s password: 2secret
sftp> put id_dsa.pub
id_dsa.pub 100% 616 47.3KB/s 00:00
sftp> exit
Now you have a key pair. The secret key is on the local computer, in the user’s home directory (/home/erkki/.ssh/id_dsa). The public key has been copied to the remote server, and is now stored in the home directory of the user on the remote computer (/home/tero/id_dsa.pub on server.example.com).
Put your public key to authorized_keys
Connect to remote server:
local$ ssh tero@server.example.com
tero@server.example.com's password: 2secret
server$
Now we are connected to server.example.com, and using it remotely as user tero. Note that the prompt usually changes to indicate this. Here, I have used “local$” for the local computer’s prompt and “server$” for server.example.com’s prompt. Optionally, you can check with ls that id_dsa.pub really is in user tero’s home directory on server.example.com.
Next, we append the contents of id_dsa.pub (our public key) to the end of the list of authorized public keys, stored in a file called authorized_keys. Both id_dsa.pub and authorized_keys are normal text files.
If .ssh does not exist yet, it is created. The public key is printed (to standard output) with cat, and this is redirected to the end of authorized_keys.
server$ mkdir -p .ssh
server$ cat id_dsa.pub >>.ssh/authorized_keys
Set very restrictive permissions on these authorization files, just to make sure.
server$ chmod og-rxw $HOME/.ssh $HOME/.ssh/authorized_keys
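The append and chmod steps above as one repeatable function, given here as an added example that is not part of the original page; the function names install_pubkey and perms_ok are hypothetical. Unlike a bare cat >>, it does not add the same key twice and does not glue the key onto an unterminated last line, and perms_ok tests for the group/other write bits that sshd's StrictModes check refuses.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Appends each key line only if that exact line is not already authorized,
# then removes all group/other permissions, as the chmod step on the page does.
# Returns 1 if the key file is missing or empty.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -s "$pub" ] || return 1
    mkdir -p "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" || return 1
    # If the existing file does not end in a newline, add one first so the
    # new key starts on its own line instead of corrupting the last entry.
    [ -z "$(tail -c 1 "$auth")" ] || echo >>"$auth"
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # -F fixed string, -x whole line: key text is never treated as a regex
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >>"$auth"
    done <"$pub"
    chmod og-rxw "$home/.ssh" "$auth"
}

# perms_ok PATH...
# Succeeds only if every path exists and none is writable by group or others.
perms_ok() {
    for p in "$@"; do
        [ -e "$p" ] || return 1
        # find prints the path when the g+w or o+w bit is set
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 1
    done
}
```

On the server, the equivalent of the page's steps is install_pubkey id_dsa.pub followed by perms_ok "$HOME" "$HOME/.ssh" "$HOME/.ssh/authorized_keys".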
Test
Let’s try connecting to the server from the local computer. Now that we have public key authentication working, it should no longer ask for a password. If you are still using server.example.com remotely, exit.
server$ exit
local$ ssh tero@server.example.com
server$
It did not ask for a password, so you have successfully installed public key authentication for ssh.
Copyright 2004 Tero Karvinen www.iki.fi/karvinen. GNU Free Documentation License